Abstract
This paper analyzes in detail how responsibility for application security is divided in a cloud environment and studies solutions for securing data in transit and data at rest in the cloud. Taking the AWS public cloud as the reference environment: for data in transit, the application owner uses the route tables provided by the VPC to separate public and private networks, uses virtual machine security groups for network access control, and uses IPsec VPN to protect the confidentiality of transmitted data; for data at rest, data is encrypted with AES-256, access to it is controlled through the identity and access management system, and the database achieves higher availability through multi-availability-zone replication. The analysis of these solutions for data in transit and at rest shows how data security can be maintained both during and after the migration of an information system from a traditional environment to a public cloud service.
Source
《信息通信技术》 (Information and Communications Technologies)
2015, Issue 1, pp. 52-58 (7 pages)
Keywords
Data Security
Data Encryption
Access Control
Security Architecture